Trojan RAT: Stopping Exploit Spoofing with Machine Learning

GitHub exploit POCs are being used to distribute malware - here’s a guide for stopping it.

This threat vector has been possible since the rise of GitHub as a source of POC exploits. The phenomenon was first noticed by Jay Jacobs at the start of 2021, and has only accelerated since then.

GitHub’s rise as a source of exploit POCs in 2021

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. This presents an exciting test for our least-talked-about model: exploit identification.

The standard way threat intel teams and OSINT vendors use GitHub as a source of exploits is to look for mentions of CVEs and treat the repos that mention them as exploits. Sometimes there is manual review, but in this case that may be too late.

At Empirical we built a model, trained on expert judgement, that uses LLMs to classify code and builds a deterministic classical ML classifier on top of that data to determine whether a repository is an exploit or not. The “not” case, if it works well, should take care of the Trojan RAT threat vector. Let’s see if it does.

Due to the way the information is structured, Kaspersky believes that the text was generated using an artificial intelligence model. There are 15 CVEs which the threat actor is using to distribute the WebRAT malware. Let’s see how our model scores them in terms of probability of being an actual exploit:

Scoring of 15 WebRAT exploit spoofing attacks by Empirical’s ML model

None of them clears a 64% chance of being a POC, but that’s still pretty high. The key to our ML model is our threshold. We use 0.87 as the cutoff for adding something as an exploit repository to our dataset, meaning we bias very strongly towards precision. The reason is that this model doesn’t exist in isolation; it adds to an already giant repository of known exploit POCs. It is much riskier to add, say, WebRAT malware than to track another POC that’s low probability.

Here’s the full distribution of repos mentioning CVEs scored by our model, thanks to our data scientist Ian Joffe for the analysis:

Most CVE mentions on GitHub are not exploits

As a result of that high threshold, all 15 are below our ML model’s threshold and are tracked, but not labeled as exploits. Interestingly enough, this is a mild case of threat actors using AI to poison a legitimate workflow for defenders. A well-trained ML system is already working to mitigate it.
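The precision-first cutoff described above, shown as an added example that is not Empirical's code. The repository names, scores and ground-truth labels are constructed, and treating the cutoff as inclusive (score >= 0.87) is an assumption.

```python
from dataclasses import dataclass

EXPLOIT_THRESHOLD = 0.87  # cutoff stated in the post; inclusive comparison is an assumption

@dataclass(frozen=True)
class ScoredRepo:
    name: str         # constructed placeholder, not a real repository
    score: float      # model probability that the repo is a real exploit POC
    is_exploit: bool  # constructed ground truth (stands in for expert review)

# Constructed sample data. The spoofed repos score below 0.64, as in the post.
SAMPLE = [
    ScoredRepo("poc-a", 0.97, True),
    ScoredRepo("poc-b", 0.91, True),
    ScoredRepo("poc-c", 0.88, True),
    ScoredRepo("poc-d", 0.79, True),     # real POC that a high cutoff misses
    ScoredRepo("spoof-1", 0.63, False),  # fake POC repo distributing malware
    ScoredRepo("spoof-2", 0.58, False),
    ScoredRepo("poc-e", 0.55, True),
    ScoredRepo("cve-mention-1", 0.30, False),
    ScoredRepo("cve-mention-2", 0.12, False),
]

def triage(repos, threshold=EXPLOIT_THRESHOLD):
    """Return (labeled_as_exploit, tracked_only) for the given cutoff."""
    labeled = [r for r in repos if r.score >= threshold]
    tracked = [r for r in repos if r.score < threshold]
    return labeled, tracked

def precision_recall(repos, threshold):
    """Precision and recall of the 'exploit' label at this cutoff."""
    labeled, _ = triage(repos, threshold)
    true_pos = sum(r.is_exploit for r in labeled)
    all_pos = sum(r.is_exploit for r in repos)
    precision = true_pos / len(labeled) if labeled else 1.0
    recall = true_pos / all_pos if all_pos else 0.0
    return precision, recall

def spoofs_admitted(repos, threshold):
    """Names of non-exploit repos that would enter the exploit dataset."""
    labeled, _ = triage(repos, threshold)
    return [r.name for r in labeled if not r.is_exploit]

if __name__ == "__main__":
    for cutoff in (0.50, EXPLOIT_THRESHOLD):
        p, r = precision_recall(SAMPLE, cutoff)
        print(f"cutoff={cutoff:.2f} precision={p:.2f} recall={r:.2f} "
              f"spoofs_admitted={spoofs_admitted(SAMPLE, cutoff)}")
```

On this constructed data, a 0.50 cutoff recovers every real POC but admits both spoofed repos, while 0.87 admits none at the cost of leaving two real POCs tracked but unlabeled.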
